-
Notifications
You must be signed in to change notification settings - Fork 161
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1952 from truenas/TC-2.3.3
TrueCommand 2.3.3 Documentation
- Loading branch information
Showing
23 changed files
with
226 additions
and
89 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
57 changes: 57 additions & 0 deletions
57
content/TrueCommand/Administration/Admin/SAML/ConfigIDPSAMLSSO.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
--- | ||
title: "Configuring IDP SAML as SSO for TrueCommand SAML Service" | ||
description: "Provides information on setting up an identity provider (IDP) SAML provider as SSO for TrueCommand SAML service." | ||
weight: 40 | ||
aliases: | ||
tags: | ||
- tcsaml | ||
--- | ||
|
||
{{< toc >}} | ||
|
||
TrueCommand allows identity provider (IDP) SAML single sign-on (SSO) configuration as of release 2.3.3. | ||
With IDP-SAML SSO you can configure a provider such as Okta, AuthO, OneLogin, or Google to provide TrueCommand SSO through the IDP SAML service dashboard instead of using the TrueCommand SAML sign-in option. | ||
|
||
Security Assertion Markup Language (SAML) is an SSO standard for logging users into applications that require authentication credentials (like GitHub, G-Mail, etc.). | ||
SSO works by transferring a known identity for a user to another location that provides services to the user. | ||
SAML accomplishes the transfer by exchanging digitally-signed XML documents. | ||
|
||
A SAML configuration requires an Identity Provider (IDP) and Service Provider (SP). When the IDP-SAML service provides the SSO, TrueCommand becomes the service provider. | ||
|
||
IDP-SAML provider configuration settings and attributes can differ. | ||
This article provides general instructions, settings, and attributes for configuring an IDP-SAML SSO for TrueCommand as a cloud service provider. | ||
|
||
{{< hint type=note >}} | ||
TrueCommand IDP SAML does not support groups at this time. | ||
{{< /hint >}} | ||
|
||
## TrueCommand Requirements | ||
|
||
TrueCommand requires configuring the [general settings](#general-settings) and a set of [attributes](#mapping-attributes). | ||
|
||
### General Settings | ||
|
||
Set support to PERSISTENT. | ||
|
||
Download the IDP SAML metadata. | ||
|
||
Download or copy/paste the single sign-in URL (https://) | ||
|
||
Enter attributes as shown in the table below, with the underscore (*attribute_name*) if indicated. | ||
|
||
For IDP SAML SSO, TrueCommand does not require the certificates from the IDP provider. | ||
|
||
### Mapping Attributes | ||
Define these attributes in the IDP SAML service provider: | ||
|
||
{{< truetable >}} | ||
| Attribute | Value | | ||
|-----------|-------| | ||
| Username | unique_name | | ||
| Full Name | given_name or display_name | | ||
| Email | mail or email | | ||
| Title | title | | ||
| Phone Number | telephone_number | | ||
{{< /truetable >}} | ||
|
||
{{< taglist tag="tcsaml" limit="10" title="Related SAML Articles" >}} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
--- | ||
title: "SAML Tutorials" | ||
description: "Provides SAML tutorials for TrueCommand SAML configurations." | ||
weight: 10 | ||
geekdocCollapseSection: true | ||
--- | ||
|
||
Security Assertion Markup Language (SAML) is a single sign-on (SSO) standard for logging users into applications that require authentication credentials (like GitHub, G-Mail, etc.). | ||
SSO works by transferring a known identity for a user to another location that provides services to the user. | ||
SAML accomplishes the transfer by exchanging digitally-signed XML documents. | ||
|
||
These tutorials provide general and service specific configuration instructions to set a provider such as Okta, AuthO, OneLogin, or Google to provide TrueCommand SSO through the IDP SAML service dashboard instead of using the TrueCommand SAML sign-in option. | ||
|
||
## Article Summaries | ||
|
||
{{< children depth="2" description="true" >}} |
Oops, something went wrong.